Cisco Warns of Critical Nexus 9000 Data Center Flaw

Posted on May 5, 2019

A critical vulnerability in Cisco’s software-defined networking (SDN) software could allow an unauthenticated, remote attacker to connect to a vulnerable data-center switch and take it over, with the privileges of the root user. The bug (CVE-2019-1804), which has a CVSS severity rating of 9.8 out of 10, exists in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software, which is part of Cisco’s SDN approach. Enterprises use ACI to deploy and control applications across their infrastructure, including their multicloud footprints, with consistent policies – in theory boosting security and high availability.

The Nexus 9000 Series, meanwhile, is a line of data-center switches. The root cause is a default key pair that Cisco built into the software's Secure Shell (SSH) key management function. Because the same key pair ships on every device, an attacker who recovers it can connect to a vulnerable Nexus 9000 Series device remotely, as if he or she were the legitimate user. The bug is present in all devices that run the software, if they are running a Cisco NX-OS software release prior to 14.1(1i).

There are no workarounds, so Cisco is encouraging users to update to the latest software release. The fix is only an interim patch, however.
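The two facts an administrator can act on here are the fixed release boundary (anything prior to 14.1(1i) is affected) and the nature of the flaw (one key pair shared across a fleet). The script below is an added example, not Cisco's code or tooling: it parses ACI-mode release strings so they compare correctly, flags devices running an affected release, and audits a constructed inventory of SSH public keys for any key that appears on more than one device. The release format regex, the `is_affected` helper and the inventory layout are assumptions made for this example; the key strings are constructed placeholders, not real key material.

```python
import re
from typing import Dict, List, NamedTuple

# Fixed release named in the advisory summary above; releases before it are affected.
FIXED_RELEASE = "14.1(1i)"


class AciVersion(NamedTuple):
    """ACI-mode release broken into comparable fields, e.g. 14.1(1i) -> (14, 1, 1, 'i')."""
    major: int
    minor: int
    maint: int
    patch: str  # letter suffix inside the parentheses; empty when absent


# Assumed format: MAJOR.MINOR(MAINTPATCHLETTERS), e.g. "13.2(3n)" or "14.1(1i)".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]*)\)$")


def parse_aci_version(text: str) -> AciVersion:
    """Parse a release string into an AciVersion; raise ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ACI release string: {text!r}")
    major, minor, maint, patch = m.groups()
    return AciVersion(int(major), int(minor), int(maint), patch)


def is_affected(version: str, fixed: str = FIXED_RELEASE) -> bool:
    """True when `version` sorts before the fixed release (tuple comparison, field by field)."""
    return parse_aci_version(version) < parse_aci_version(fixed)


def find_shared_keys(inventory: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return each SSH public key found on more than one device, mapped to those devices.

    `inventory` maps a device name to the public keys it trusts, in OpenSSH
    "type base64 [comment]" form. Keys are compared on type and base64 only, so a
    differing comment does not hide a shared key.
    """
    seen: Dict[str, List[str]] = {}
    for device, keys in inventory.items():
        for key in keys:
            fields = key.split()
            if len(fields) < 2:
                continue  # not a parseable public key line; skip it
            normalised = " ".join(fields[:2])
            seen.setdefault(normalised, []).append(device)
    return {k: devices for k, devices in seen.items() if len(devices) > 1}


def audit(fleet: Dict[str, str], inventory: Dict[str, List[str]]) -> Dict[str, object]:
    """Combine both checks: affected devices by release, and keys shared across devices."""
    return {
        "affected_devices": sorted(d for d, ver in fleet.items() if is_affected(ver)),
        "shared_keys": find_shared_keys(inventory),
    }


# Constructed sample data: device names, releases and key strings are placeholders.
SAMPLE_FLEET = {
    "leaf-101": "13.2(3n)",
    "leaf-102": "14.0(3d)",
    "leaf-103": "14.1(1i)",
    "spine-201": "14.1(2g)",
}

SAMPLE_INVENTORY = {
    "leaf-101": ["ssh-rsa AAAAB3CONSTRUCTED_SHARED_KEY== admin@leaf-101"],
    "leaf-102": ["ssh-rsa AAAAB3CONSTRUCTED_SHARED_KEY== admin@leaf-102",
                 "ssh-ed25519 AAAAC3CONSTRUCTED_UNIQUE_102 ops@jumphost"],
    "leaf-103": ["ssh-ed25519 AAAAC3CONSTRUCTED_UNIQUE_103 ops@jumphost"],
    "spine-201": ["ssh-ed25519 AAAAC3CONSTRUCTED_UNIQUE_201 ops@jumphost"],
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_FLEET, SAMPLE_INVENTORY).items():
        print(f"{name}: {finding}")
```

In practice the inventory would be gathered from each switch's trusted-key configuration and the release strings from its version output; the value of the key audit is that a vendor default key pair shows up as the same public key on every device, which is exactly what `find_shared_keys` reports.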